ITIL Process Maturity Assessment

IT Managers undertaking implementation of ITIL processes should understand the concept of process
maturity.

This article provides you with a two part look at this subject. Part One reviews the Capability Maturity
Model (CMM). Part Two reviews Pink Elephant’s ITIL Process Maturity Self Assessment, which you can
use to evaluate the process maturity of your own processes.

Part One – Capability Maturity Model

The most common general purpose process maturity model is the Capability Maturity Model (CMM),
which was developed by the Software Engineering Institute (SEI), Carnegie Mellon University, in 1986.
This effort was initiated in response to the request of the U.S. Government to provide a method for
assessing the capability of its contractors.

Purpose Of The CMM

CMM is a framework that describes the key elements of an effective process. It provides a foundation for
process improvement. The CMM describes an evolutionary improvement path from an ad hoc, immature
process to a mature, disciplined process.

When followed, these key practices improve the ability of organizations to meet goals for cost, schedule,
functionality, and product quality. The goal is to improve efficiency, return on investment, and
effectiveness.

Originally CMM was designed for use by software developers. But today, its use has expanded.
Managers from all walks of life benefit from the maturity framework provided by CMM because it
establishes a context in which:

• Practices can be repeated; if you don’t repeat an activity there is no reason to improve it. There
are policies, procedures, and practices that commit the organization to implementing and
performing consistently

• Best practices can be rapidly transferred across groups. Practices are defined sufficiently to allow
for transfer across project boundaries, thus providing some standardization for the organization

• Variations in performing best practices are reduced. Quantitative objectives are established for
tasks; and measures are established, taken, and maintained to form a base-line from which an
assessment is possible

• Practices are continuously improved to enhance capability (optimizing)

Five Levels Of CMM Process Maturity

CMM describes five evolutionary stages (levels) in which an organization manages its processes through
maturity.

1. Initial
ƒ Processes are ad-hoc, chaotic, or actually few processes are defined

2. Repeatable
ƒ Basic processes are established and there is a level of discipline to stick to these processes

PinkLink – August, 2005. © Pink Elephant. All rights reserved. Page 1 of 8

Learn more about ITIL by visiting: www.pinkelephant.com.

ITIL® is a Registered Trade Mark and a Registered Community Trade Mark of the Office of Government Commerce, and is
Registered in the US Patent and Trademark Office.
3. Defined
ƒ All processes are defined, documented, standardized and integrated into each other

4. Managed
ƒ Processes are measured by collecting detailed data on the processes and their quality

5. Optimizing
ƒ Continuous process improvement is adopted and in place by quantitative feedback and from
piloting new ideas and technologies

Part Two - Pink Elephant’s ITIL Process Maturity Self Assessment

The following assessment and action plan is based upon the ITIL IT service management process
framework and CMM.

Use the following approach to evaluate your organization’s effectiveness in managing key activities
described in the operational and tactical areas of the ITIL IT service management best practices
framework.

A Recommended Step-by Step Approach

1. Assemble the relevant team.
The relevant team means, process owners, functional managers and any relevant staff who work with
the processes to be assessed.

2. Rate each of the elements.

Be as honest as possible. There’s no value in over-rating or under-rating. The goal is to end up with
as close a representation as possible to what really exists. Only then can you begin to identify
realistic improvement opportunities. Use the maturity definitions and activity descriptions as guides.

3. Identify priorities for immediate improvement initiatives.

Analyze the results of the self-assessment to determine what CAN be improved from what needs to
be improved.

4. Assign and track immediate improvement initiatives.

Use the Action Table to document your improvement priorities and progress. Make sure each
initiative is given an owner, a timeframe and a validation metric (i.e. what it is that you need to see as
evidence that the initiative is delivering benefits).

Summary Of The ITIL Service Management Activities

1. IT Service Support Processes
Service Desk
• Provides advice and guidance to customers and rapid restoration of normal service
operations
• Meets expectations set out in the SLAs
• Communicates and promotes services
• Produces and initiates management information

PinkLink – August, 2005. © Pink Elephant. All rights reserved. Page 2 of 8

Learn more about ITIL by visiting: www.pinkelephant.com.

ITIL® is a Registered Trade Mark and a Registered Community Trade Mark of the Office of Government Commerce, and is
Registered in the US Patent and Trademark Office.
Configuration Management
• Planning, design and management of a Configuration Management Database (CMDB)
• Configuration Items (CIs) to include hardware, software and related documentation
• Identification of CIs for entry into CMDB and their relationships to each other
• Regular verification of CMDB accuracy
• Process enables detailed reporting of assets

Incident Management
• Detection, classification, recording and initial support of incidents
• Prioritization based upon “impact” and “urgency”
• Ownership for incident resolution is clear

Problem Management
• Problems identified and managed separate from incidents (although linked)
• Fully diagnosed and understood problems redefined as Know Errors
• Requests For Changes (RFCs) generated to resolve Problems and Errors
• Trend analysis of incidents to identify underlying Problems
• Initiates management reports

Change Management
• Formal process for accepting, recording, authorizing, planning, testing, implementing and
reviewing Requests For Change (RFCs)
• Provides reports of changes to the infrastructure
• Drives updates to the CMDB

Release Management
• Maintains Definitive Software Library (DSL) and Definitive Hardware Store (DHS)
• Ensures quality and integrity is protected through strict version and release control
procedures
• Distributes new CIs from DSL and DHS only on instruction from Change Management

2. IT Service Delivery Processes

Service Level Management
• Documents default service levels in a Service Catalog; negotiates and implements SLAs
• Reviews SLA targets and IT service performance, and reports variances and initiates
discussions on changes to service levels, maintains regular communication with customers
• Continually reviews SLM process and Service Catalog (using Deming’s “Plan-Do-Check-Act”
approach)

Availability Management
• Detailed understanding of relationship between service level requirements and infrastructure
performance capabilities
• Analyzes and reports on infrastructure performance
• Provides feasibility data to SLM
• Uses Availability Plan to initiate RFCs to improve infrastructure and reduce risk

PinkLink – August, 2005. © Pink Elephant. All rights reserved. Page 3 of 8

Learn more about ITIL by visiting: www.pinkelephant.com.

ITIL® is a Registered Trade Mark and a Registered Community Trade Mark of the Office of Government Commerce, and is
Registered in the US Patent and Trademark Office.
Capacity Management
• Detailed understanding of relationship between service level requirements and infrastructure
capacity capabilities – now and in the future
• Tracks infrastructure capacity performance, new technology opportunities and business
requirements
• Develops and works with ongoing Capacity Plans to initiate RFCs

Financial Management
• IT budgets are controlled
• Costs are categorized, known and under control
• Charging for services may be done as an option
• Reports on IT finances are produced and distributed to management.

IT Service Continuity Management

• Undertakes formal Risk Analysis and Risk Management activities
• Assets are identified and threats, and their levels of vulnerabilities, are understood
• Counter-measures to eliminate the threats or minimize the impact of a “crisis” are developed
• A Continuity Plan is developed, maintained and tested regularly

PinkLink – August, 2005. © Pink Elephant. All rights reserved. Page 4 of 8

Learn more about ITIL by visiting: www.pinkelephant.com.

ITIL® is a Registered Trade Mark and a Registered Community Trade Mark of the Office of Government Commerce, and is
Registered in the US Patent and Trademark Office.
Definitions Of Pink Elephant’s Process Maturity Levels

LEVEL MATURITY DESCRIPTION

0 ABSENCE “There is absolutely no evidence of any activities supporting

the process”

1 INITIATION
“There are ad-hoc activities present, but we are not aware of
how they relate to each other within a single process”
• Some policy statements have been made
• Words but no documented objectives or plans
• No dedicated resources or real commitment

2 AWARENESS
“We are aware of the process but some activities are still
incomplete or inconsistent; there is no overall measuring or
control”
• Process driven by tool rather than defined separate from
tool
• Positions are created, but roles and responsibilities are
poorly defined

“The process is well defined, understood and implemented”

3 CONTROL
• Tasks, responsibilities and authorizations are well defined
and communicated
• Targets for quality are set and results are measured
• Comprehensive management reports are produced and
discussed
• Formal planning is done

4 INTEGRATION
“Inputs from this process come from other well controlled
processes; outputs from this process go to other well
controlled processes”
• Significant improvements in quality have been achieved
• Regular, formal communication between department heads
working with different processes
• Quality and performance metrics transferred between
processes

5 OPTIMIZATION “This process drives quality improvements and new business

opportunities beyond the process”
• Direct links to IT and corporate policy
• Evidence of innovation
• Quality management and continuous improvement activities
embedded
• Performance measurements are indicative of “world class”

PinkLink – August, 2005. © Pink Elephant. All rights reserved. Page 5 of 8

Learn more about ITIL by visiting: www.pinkelephant.com.

ITIL® is a Registered Trade Mark and a Registered Community Trade Mark of the Office of Government Commerce, and is
Registered in the US Patent and Trademark Office.
 Results Of Your Self-Assessment

Highlight the rating for each element by inserting an “X” in the relevant cell of the table.

0 1 2 3 4 5

Service Desk

Configuration
Management

Incident
Management

Problem
Management

Change
Management

Release
Management

Service Level
Management

Availability
Management

Capacity
Management

Financial
Management

Service
Continuity
Management

PinkLink – August, 2005. © Pink Elephant. All rights reserved. Page 6 of 8

Learn more about ITIL by visiting: www.pinkelephant.com.

ITIL® is a Registered Trade Mark and a Registered Community Trade Mark of the Office of Government Commerce, and is
Registered in the US Patent and Trademark Office.
Priority Improvement Areas
There are two reasons you’ll now need to prioritize and schedule your improvement efforts.

1. Availability Of Resources
Unless you have unlimited resources, it’s unlikely you’ll be able to initiate improvements in all areas
concurrently. You’re going to have to decide what will give you the most benefits for your efforts.

2. Critical Path
Some desired improvements may not be practical because of a need for an increased maturity level in a
related activity/processes.

Example #1: Configuration Management

Imagine how difficult it would be to maintain an up-to-date CMDB if the change control activities were not
being followed consistently. Such as:
• Changes being applied to the infrastructure without first raising RFCs
• RFCs not being universally recorded
• RFCs not being properly assessed or approved

In this instance, it’s likely that Change Management improvements will need to be implemented BEFORE
Configuration Management can be addressed.

Example #2: Problem Management

Imagine how difficult it would be to implement effective and comprehensive problem and error control
activities without mature incident control. Such as:
• Not all incidents being recorded in the incident database
• Poorly categorized incidents because of lack of consistent work instructions
• A lack of clearly defined escalation procedures

In this instance, it’s likely that Incident management and Service desk improvements will be needed
before the Problem Management maturity level can be raised.

Use the following table to help define and keep track of priority improvement initiatives.

PinkLink – August, 2005. © Pink Elephant. All rights reserved. Page 7 of 8

Learn more about ITIL by visiting: www.pinkelephant.com.

ITIL® is a Registered Trade Mark and a Registered Community Trade Mark of the Office of Government Commerce, and is
Registered in the US Patent and Trademark Office.
 Action Table For Improvements

PROCESS IMPROVEMENT OWNER REVIEW VALIDATION

INITIATIVE DATE METRIC

Service Desk

Configuration
Management

Incident
Management

Problem
Management

Change
Management

Release
Management

Service Level
Management

Availability
Management

Capacity
Management

Financial
Management

Service Continuity
Management

PinkLink – August, 2005. © Pink Elephant. All rights reserved. Page 8 of 8

Learn more about ITIL by visiting: www.pinkelephant.com.

ITIL® is a Registered Trade Mark and a Registered Community Trade Mark of the Office of Government Commerce, and is
Registered in the US Patent and Trademark Office.